PT-2020-8624 · Ingenico · Ingenico Telium 2

Aleksey Stennikov

Published

2020-09-09

Updated

2020-11-24

CVE-2018-17770

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N

Description: The issue is a buffer overflow that occurs via the RemotePutFile command of the NTPT3 protocol. This buffer overflow is fixed in Telium 2 SDK v9.32.03 patch N.

Recommendations: For Ingenico Telium 2 POS terminals versions prior to Telium 2 SDK v9.32.03 patch N, update to Telium 2 SDK v9.32.03 patch N to resolve the issue. As a temporary workaround, consider restricting access to the RemotePutFile command of the NTPT3 protocol until the update is applied.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2018-17770

Affected Products

Ingenico Telium 2

PT-2020-8624 · Ingenico · Ingenico Telium 2

CVE-2018-17770

Weakness Enumeration

Related Identifiers

Affected Products

References · 7